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DETAILED ACTION 

Claim Rejections - 35 USC § 101 
1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 7 is rejected under 35 U.S.C. 101 because the claimed invention is directed to 
non-statutory subject matter. The specification on page 8 paragraph 35 refers to 
machine-accessible medium as electrical, optical, acoustical or other form of 
propagated signals. Signals are non-statutory subject matter and can-not be claimed. 

Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1, 3, 5, 7, 9, 1 1 , 13, 15 and 17 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Lee (US Patent 7047561 B1) in view of Inoue et al. (US Patent 
6167513). 

In regards to claim 1 , Lee shows in figure 5 a packet processing method to using 
a firewall in association with real-time Internet applications. After layer 3 and layer 4 
processing is carried out at step 515, at step 520 the packet is split into TCP and UDP 
data. The process of figure 5 is carried out according to the functions of the network 



Application/Control Number: 10/723,916 Page 3 

Art Unit: 2419 

layers in figure 2, where layers 7 through 3 implement packet filter policy (establishing a 
policy manager). 

Subsequently in steps 550 and 555, packet filtering is applied (examining the 
packet via one or more filters in the policy manager). In further regards, figure 1 
illustrates a schematic diagram of a computer network including a hybrid firewall 100 
inclusive of packet filter 106 (the policy manager having a set of policies represented by 
filters). The packet filter 106 examines packets at layer 3 and layer 4 to selectively 
control the flow of data to and from networks 1 1 0 and 1 20. Packet filter 1 06, will follow 
predetermined security rules that specify which types of packets to allow to pass and 
which types of packets to block (see column 4, lines 40-45) (a first filter to examine a 
type of packet). 

Furthermore, packets are allowed or blocked based on layer 3 information such 
as destination IP address (see column 4, lines 46-50) (or a destination of the packet via 
a second filter). 

Returning to figure 5, if at step 555, a packet is allowed to pass through; at 
subsequent steps 560 and 565, TCP and IP headers are respectively added. 

At step 565, an IP header is added to outgoing packet (dynamically determining 
whether to apply a mobile IP to the packet). 

In further regards to claim 1 , Lee fails to teach neither the filtering policies being 
applied on a mobile node using a mobile IP protocol nor associating mobile IP to the 
packet if the packet does not match with any of the filtering. Inoue teaches the above- 
mentioned limitation in figure 3 where a mobile IP network is shown with gateways 4a- 
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4c and a mobile node 2. Furthermore, since a mobile IP network exists, Inoue is also 
reads on transmitting a packet via a mobile node (see figure 36, arrow going from MN 2 
to CH3). The gateways, carryout filtering according to prescribe security policies for the 
mobile node (see column 11, lines 19-23). 

Furthermore, in figure 20 case 6, where the mobile node is in an external network 
(where being inside the home network reads on the filtering criteria) and a 
correspondent host in the home network, mobile IP is applied (see column 30, lines 9- 
19) and the packet format used is from figure 4D. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claim 3, Lee in combinations with Inoue teaches all the limitations of 
parent claim 1 . Lee also shows in steps 565 an IP header added to a packet. Lee fails 
to show new source and destination addresses being added to an IP header. Inoue 
however shows in figure 7, an inner IP header being added with a new source and 
destination addresses. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
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The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claim 5, Lee shows in step 520, the data being split into TCP and 
UDP data and in steps 550 and 560, UDP packet filtering policy is applied. 

In regards to claim 7, Lee shows in figure 5 a packet processing method to using 
a firewall in association with real-time Internet applications. After layer 3 and layer 4 
processing is carried out at step 515, at step 520 the packet is split into TCP and UDP 
data. The process of figure 5 is carried out according to the functions of the network 
layers in figure 2, where layers 7 through 3 implement packet filter policy (establishing a 
policy manager). 

Subsequently in steps 550 and 555, packet filtering is applied (examining the 
packet via one or more filters in the policy manager). In further regards, figure 1 
illustrates a schematic diagram of a computer network including a hybrid firewall 100 
inclusive of packet filter 106 (the policy manager having a set of policies represented by 
filters). The packet filter 106 examines packets at layer 3 and layer 4 to selectively 
control the flow of data to and from networks 110 and 1 20. Packet filter 1 06, will follow 
predetermined security rules that specify which types of packets to allow to pass and 
which types of packets to block (see column 4, lines 40-45) (a first filter to examine a 
type of packet). 

Furthermore, packets are allowed or blocked based on layer 3 information such 
as destination IP address (see column 4, lines 46-50) (or a destination of the packet via 
a second filter). 
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Returning to figure 5, if at step 555, a packet is allowed to pass through; at 
subsequent steps 560 and 565, TCP and IP headers are respectively added. 

At step 565, an IP header is added to outgoing packet (dynamically determining 
whether to apply a mobile IP to the packet). 

In further regards to claim 7, Lee fails to teach neither the filtering policies being 
applied on a mobile node using a mobile IP protocol nor associating mobile IP to the 
packet if the packet does not match with any of the filtering. Inoue teaches the above- 
mentioned limitation in figure 3 where a mobile IP network is shown with gateways 4a- 
4c and a mobile node 2. Furthermore, since a mobile IP network exists, Inoue is also 
reads on transmitting a packet via a mobile node (see figure 36, arrow going from MN 2 
to CH3). The gateways, carryout filtering according to prescribe security policies for the 
mobile node (see column 1 1 , lines 19-23). 

Furthermore, in figure 20 case 6, where the mobile node is in an external network 
(where being inside the home network reads on the filtering criteria) and a 
correspondent host in the home network, mobile IP is applied (see column 30, lines 9- 
19) and the packet format used is from figure 4D. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 
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In regards to claim 9, Lee in combinations with Inoue teaches all the limitations of 
parent claim 7. Lee also shows in steps 565 an IP header added to a packet. Lee fails 
to show new source and destination addresses being added to an IP header. Inoue 
however shows in figure 7, an inner IP header being added with a new source and 
destination addresses. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claim 1 1 , Lee shows in step 520, the data being split into TCP and 
UDP data and in steps 550 and 560, UDP packet filtering policy is applied and at step 
570, packet is send out. 

In regards to claim 13, Lee shows in figure 5 a packet processing method to 
using a firewall in association with real-time Internet applications. After layer 3 and 
layer 4 processing is carried out at step 515, at step 520 the packet is split into TCP and 
UDP data. The process of figure 5 is carried out according to the functions of the 
network layers in figure 2, where layers 7 through 3 implement packet filter policy 
(establishing a policy manager). 

Subsequently in steps 550 and 555, packet filtering is applied (examining the 
packet via one or more filters in the policy manager). In further regards, figure 1 
illustrates a schematic diagram of a computer network including a hybrid firewall 100 



Application/Control Number: 10/723,916 Page 8 

Art Unit: 2419 

inclusive of packet filter 106 (the policy manager having a set of policies represented by 
filters). The packet filter 106 examines packets at layer 3 and layer 4 to selectively 
control the flow of data to and from networks 110 and 1 20. Packet filter 1 06, will follow 
predetermined security rules that specify which types of packets to allow to pass and 
which types of packets to block (see column 4, lines 40-45) (a first filter to examine a 
type of packet). 

Furthermore, packets are allowed or blocked based on layer 3 information such 
as destination IP address (see column 4, lines 46-50) (or a destination of the packet via 
a second filter). 

Returning to figure 5, if at step 555, a packet is allowed to pass through; at 
subsequent steps 560 and 565, TCP and IP headers are respectively added. 

At step 565, an IP header is added to outgoing packet (dynamically determining 
whether to apply a mobile IP to the packet). 

In further regards to claim 13, Lee fails to teach neither the filtering policies being 
applied on a mobile node using a mobile IP protocol nor associating mobile IP to the 
packet if the packet does not match with any of the filtering. Inoue teaches the above- 
mentioned limitation in figure 3 where a mobile IP network is shown with gateways 4a- 
4c and a mobile node 2. Furthermore, since a mobile IP network exists, Inoue is also 
reads on transmitting a packet via a mobile node (see figure 36, arrow going from MN 2 
to CH3). The gateways, carryout filtering according to prescribe security policies for the 
mobile node (see column 11, lines 19-23). 
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Furthermore, in figure 20 case 6, where the mobile node is in an external network 
(where being inside the home network reads on the filtering criteria) and a 
correspondent host in the home network, mobile IP is applied (see column 30, lines 9- 
1 9) and the packet format used is from figure 4D. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claim 15, Lee in combinations with Inoue teaches all the limitations 
of parent claim 13. Lee further shows in steps 565 an IP header added to a packet. 
Lee fails to show new source and destination addresses being added to an IP header. 
Inoue however shows in figure 7, an inner IP header being added with a new source 
and destination addresses. 

Therefore, it would have been obvious to one skilled in the art at the time the 
invention was made to incorporate the firewall processing method taught by Lee into a 
security policy implement by the gateways in the mobile IP network disclosed by Inoue. 
The motivation to do so would be to provide security for real time applications that use 
mobile IP. 

In regards to claim 17, Lee shows in step 520, the data being split into TCP and 
UDP data and in steps 550 and 560, UDP packet filtering policy is applied. 
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Response to Arguments 

3. Applicant's arguments filed 8/25/2008 have been fully considered but they are 
not persuasive. The applicant argues that the filtering mechanism in Inoue is different 
from the filtering mechanism in the present claimed invention. The applicant specifically 
argues that Inoue simply describes the filtering mechanism as simply allowing or not 
allowing a packet through. A further examination of Inoue proves otherwise. Gateways 
4a, 4b and 4c, perform authentication check when a transmitted packet is a packet that 
is transmitted from a computer not managed by that gateway; the gateways don't 
perform the authentication check when a transmitted packet is a packet that is 
transmitted form a computer that is managed by that gateway (see column 14, lines 47- 
63). Whether a packet is from within its management area or not reads on examining a 
type of packet. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JAY P. PATEL whose telephone number is (571)272- 
3086. The examiner can normally be reached on M-F 9:00 am - 5:00 p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Edan Orgad can be reached on (571) 272-7884. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Jay P. Patel 
Examiner 
Art Unit 2419 



/Edan Orgad/ 

Supervisory Patent Examiner, Art Unit 2419 



